Debian Security Advisory 1413-1 - Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes.
3004a57524df98d6976c1c2e06fe87754fe4a48eaf25d9d14ca11b341229fb84Secunia Security Advisory - Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
f5c40b4b33ce922c7330a668e7c566a51fce90dc4743dd8f955593ed281baaaaSecunia Security Advisory - A vulnerability has been reported in feynmf, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
9a336d995af6ee59fcdb00497d17b9fb2bf0e7bddd916ab01fdd32c3cd5202dcSecunia Security Advisory - Tim Brown has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
30454bbb7a5cb6044804aefcd1eeb3ff8762d12e8b0cf0f561d0d60d1e60d195Secunia Security Advisory - A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
d863e1700e4cce1e17662b881e23d8fbedbbb1c0ff6a2a82e3ffa38c96323a93Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
d835f86ef14e74728a943d02048b0b554bbdb72dc63348e0cbe2616f89718f20A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
d8a56f4916a2c3e12e3b2734f56249642178a6c288d3db176f89945ce6179991Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
2e06f080021ff60bcf8b9cb7489435c704164dac4045d1cfd13d9742c972bf6bGentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
7b67b1016489ce2dc2c4b4acef3dea3f9d5c71b680d05fc40370606884914e36Gentoo Linux Security Advisory GLSA 200711-33 - Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. Versions less than 258 are affected.
9a9655e788342eb536edcb56980ac13a9d36bf70e3ec7a75becab68b2b67b33cPHP versions 5.2.4 and below suffer from a htaccess safemode and open_basedir bypass vulnerability via mail.force_extra_parameters.
5cb1872002031e72e4addf8a9712d045e489374143dd9a086c89e49cc9fa814aDebian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
ed2f83414ff3e14f7e07289bdb5c782888e2376074d021bac979dca15c1c977fDebian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
84a2a39811848c21a5aae5f866f5aa0f30a44e456a13a848ee406e79cc4ef16fDebian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
497756665c6f5c4cf52f9041b07c5a41ff282dfdfee0e1ec5700bd636e0ba660Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.
de07a6fe0e701ed7b01f3f5eefbb5bb47c729a17d5667f73d90e8d5560bcb97fSecunia Security Advisory - Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
8458546f73097f38581716990e4ab5dceac1270f299ffc7296fc34f0d0d29890Secunia Security Advisory - Gentoo has issued an update for feynmf. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
bd6c1c8c664447b083af84f8cd11d96a38c82bb6a800a969e991148666f6157dSecunia Security Advisory - h07 has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
21b112f803d8ec645ff1f25b33ba50fdd1e6e3cf60102ccb287be6f5186098c5Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in cstetex, where some have unknown impacts and others can be exploited by malicious, local users to disclose and manipulate sensitive information, or by malicious users and malicious people to compromise a vulnerable system.
6f60fa6e32e699be7ee9e7209259c919828858697eb055b364db9e0b44c21091Secunia Security Advisory - A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service).
86780a9f4d2f00c1b684240837f335ada17a191d7268ea3ca920b2719df7df6bSecunia Security Advisory - Debian has issued an update for ruby1.8. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
406cba3e5f84e133ac395161076cc6bb4167838faea488727e59750a2d5ea703Secunia Security Advisory - Gentoo has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
4aa87906b97ad502967b3dcc219bb90b8ee5c706b771656511675dd368b0d5d2Secunia Security Advisory - Debian has issued an update for libopenssl-ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
5bc2b852e87a2982d0042f30f6dff17f000ae28d7f7d37f2755d7804f0600e40
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed